The threat to your computer system from the Internet
Can your employees access the internet from your computer system? Does this concern you?
If the answer to the last question is "no" then you are not aware of the increasingly sophisticated techniques that criminals are using to target computer systems and the valuable information that they hold.
Depending upon the size and complexity of your business you may, or may not, have in-house computer expertise. Many small businesses only change or update their computer software occasionally and may not keep what they do have up-to-date. Are you one of these? It is probable that many specialist criminals are more expert than the owners and users of the systems that they attack.
Use of the internet can expose your computer system to many different types of infiltration. Not all of these will have criminal intentions. Many are designed to track your use of the internet, to allow targeted advertising to be sent to you. The agreements associated with many computer programmes and downloads are so long and complex that you may not even realise that you are agreeing to such "adware" being placed, along with the programme you want, onto your system.
Most internet users are aware of the need to be suspicious of unexpected attachments to e-mails, in case they contain viruses; but do your employees know of the other ways in which malware (malicious software) can find its way onto your system, even without opening an attachment.
Cyber-criminals will use whatever route they can to exploit weaknesses in your computer system, including e-mail, instant messaging systems, spam, internet browser weaknesses, key-logging software, spyware and downloads, etc.
Even the terminology associated with computer network security is increasing. If you don't understand the terms, how can you understand the threat or event the advice you are given?. Do you understand what is meant by terms such as "rootkit", "bots and zombies", "packers", "cryptors", "trojan", "drive-by downloads" or "worm"?
For 2007 a number of specialist computer security companies are predicting an increased use, by cyber-criminals, of "rootkits". Although there are legitimate uses for these, they are programmes which can be used maliciously to monitor or control your system, without you knowing about it. They are designed to stay hidden, so once they have infiltrated your computer system they can be very difficult to detect, even with specialist security software.
Rootkits can be "deposited" in a number or ways, but one is by computer virus; so keeping the anti-virus, anti-spyware and firewall protections on your system right up-to-date can help defend against the "harder to detect" rootkit malware.
So the lesson to be learned seems to be, keep up-to-date i.e. your knowledge, your system security, and your staff training.
If you haven't reviewed your system security within the last 12 months think about doing it now. Make this review as comprehensive as you can e.g. Do you restrict internet access? Can your staff visit websites without restriction? Are they free to download things from the internet or upload data from discs or memory sticks? What logs does the system generate? Have staff been trained about the "do's and don'ts" for internet and e-mail use? Do you have access to up-to-date computer security advice? Are the security applications adequate? Are they kept up-to-date automatically etc? Have they been independently tested? Do you use a wireless Wi-Fi network either at your own premises or at employee's homes? Do you know what security is in place for these? Do you keep an archive of your computer data (or just one back-up copy which may not work)?
As the old saying goes "If you're not worried, then you don't understand the problem !".
Department of Trade & Industry - Information Security website advice section (includes a Glossary, Online Security Health Check, free ITSafe warning service (with 10 minute beginners guide), plus numerous guides (including on Wi-Fi) and reports)